Why DDoS attacks matter for journalists

Two reasons that journalists should be concerned about DDoS attacks:

First, while the use of common household devices to execute the attacks against Krebs and Dyn was novel, the hackers got control of those devices using one of the oldest and easiest methods out there: bad passwords, a vulnerability most journalists share.

The second reason journalists should attend to these attacks is that strategic use of both DDoS attacks (for example, recent attacks on Newsweek and the BBC) and DNS manipulation are common tools for censorship. This is in part because they are cheap, easy (the software credited with Friday’s attack was posted openly just a few weeks ago), and highly effective in preventing some or all internet users from accessing the content they target.

We’re at the edge of a particularly bad security chasm we’re just about to fall into (if we haven’t already!). The question is whether we can actually avoid the fall or whether the best we can do right now is lessen the hurt on the way down.


Police Using Journalists’ Metadata to Hunt Down Whistleblowers

Police Using Journalists’ Metadata to Hunt Down Whistleblowers:

In the past year, the Australian Federal Police has been asked to investigate a piece in The Australian about the Government’s’ leaked Draft Defence White Paper, and a Fairfax Media story on a proposal to reform to citizenship laws.

Just last week, police raided Parliament House in an attempt to track down the source of an embarrassing leak about the National Broadband Network. It’s feared that these investigations, along with increased penalties for whistleblowers, are hindering the ability of journalists to hold policymakers to account.

It was with this in mind that the Opposition eventually voted for the amendments that created the Journalist Information Warrant scheme, and allowed the Data Retention laws to pass last year. In a last minute effort to shore up support for the legislation, the Government agreed to add provisions for ‘safeguards’ that would, in theory, prevent the scheme being used to target journalists’ sources. However, a closer look at the scheme reveals its flaws.

When a democracy creates warranting schemes solely to determine who is willing to speak with journalists, the democracy is demonstrably in danger of slipping free of the grasp of the citizenry.


In 2010 and 2011, many discounted and differentiated Julian Assange from mainstream journalists by comparing him to a spy or foreign agent, despite the fact that he was just doing what every major US journalism organization does: publishing leaked classified information in the public interest.

Well, the government alleges in Rosen’s case that he acted “much like an intelligence officer would run a clandestine intelligence source” and communicated his “clandestine communications plan.” This is reminiscent of a disturbing House Judiciary hearing last year where the committee’s lead witness compared the New York Times’ David Sanger to a spy, saying he “systematically penetrating the Obama White House as effectively as any foreign agent.”

By that language, the government is arguing journalism is now akin to spying, no matter if its WikiLeaks or the mainstream press.


Attacks on the Press: A Moving Target – Committee to Protect Journalists:

While not every journalist is an international war correspondent, every journalist’s cellphone is untrustworthy. Mobile phones, and in particular Internet-enabled smartphones, are used by reporters around the world to gather and transmit news. But mobile phones also make journalists easier to locate and intimidate, and confidential sources easier to uncover. Cellular systems can pinpoint individual users within a few meters, and cellphone providers record months, even years, of individual movements and calls. Western cellphone companies like TeliaSonera and France Telecom have been accused by investigative journalists in their home countries of complicity in tracking reporters, while mobile spying tools built for law enforcement in Western countries have, according to computer security researchers working with human rights activists, been exported for use against journalists working under repressive regimes in Ethiopia, Bahrain, and elsewhere.


“Reporters need to understand that mobile communications are inherently insecure and expose you to risks that are not easy to detect or overcome,” says Katrin Verclas of the National Democratic Institute. Activists such as Verclas have been working on sites like SaferMobile, which give basic advice for journalists to protect themselves. CPJ recently published a security guide that addresses the use of satellite phones and digital mobile technologies. But repressive governments don’t need to keep up with all the tricks of mobile computing; they can merely set aside budget and strip away privacy laws to get all the power they need. Unless regulators, technology companies, and media personnel step up their own defenses of press freedom, the cellphone will become journalists’ most treacherous tool.

Network surveillance is a very real problem that journalists and, by extension, their sources have to account for. The problem is that many of the security tools that are used to protect confidential communications are awkward to use, provide to sources, and use correctly without network censors detecting the communication. Worst is when journalists simply externalize risk, putting sources at risk in the service of ‘getting the story’ in order to ‘spread the word.’ Such externalization is unfortunately common and generates fear and distrust in journalists.


Social Media Used to Target Advocate/Journalist

While it comes as no surprise that police monitored Facebook during last year’s Occupy protests, in the case of Occupy Miami an advocate/journalist was specifically targeted after his Facebook profile was subjected to police surveillance. An email produced in the court case revealed:

the police had been monitoring Miller’s Facebook page and had sent out a notice warning officers in charge of evicting the Occupy Miami protestors that Miller was planning to cover the process.

Significantly, the police tried to destroy evidence showing that they had unlawfully targeted the advocate, footage that (after having been forensically recovered) revealed that the charges laid against the advocate were blatantly false. That authorities conduct such surveillance – often without the targets of surveillance knowing that they have been targeted or, when targeted, why – matters for the general population because lawfully exercising one’s rights increasingly leads to citizens being punished for doing so. Moreover, when the surveillance is accompanied by deliberate attempts to undermine citizens’ capacities to respond to unlawful detentions and false charges, we have a very, very real problem that can affect any citizen.

We know from academic research conducted by scholars such as Jeffrey Monaghan and Kevin Walby that Canadian authorities use broad catch-all caricatures during major events to identify ‘problem populations.’ We also know that many of the suspects that are identified during such events are identically labeled regardless of actually belonging in the caricature population. The capacity to ‘effectively’ sort in a way resembling fact or reality is marginal at best. Consequently, we can’t just say that the case of Occupy surveillance is an ‘American thing’: Canadian authorities do the same thing to Canadian citizens of all ages, be they high school or university students, employed middle-aged citizens, or the elderly. These are surveillance and sorting processes that are widely adopted with relatively poor regulation or oversight. These processes speak to the significant expansion of what constitutes general policing as well as speaking to the state-born risks of citizens even in ‘safe’ countries using social media in an unreflective manner.


US Government’s Harassment Made Visible

When your government behaves in such a way that innocent citizens are forced to act as a spies to keep safe, then it’s evident that something has gone terribly awry. Laura Poitras, an American citizen and journalist, now lives like a spy: under the constant pressure of potential government harassment and surveillance of herself, her sources, and anyone that is particularly close to her.

Her crime? Being an award winning filmmaker who has produced films addressing the negative impacts of American imperialism abroad.

Glenn Greenwald has a terrific piece that unpacks what it means to be a prominent journalist, activist, or simple government contrarian who is willing to take entirely legal actions against the American state. Actions like speaking up or otherwise exercising basic civil rights. I won’t lie: it’s a long piece, probably not something you can skim in 2-3 minutes. But if you only read one thing that holds your attention for 10-15 minutes today, go read Glenn’s piece. It’s eye opening.

As a teaser:

In many instances, DHS agents also detain and interrogate her in the foreign airport before her return, on one trip telling her that she would be barred from boarding her flight back home, only to let her board at the last minute. When she arrived at JFK Airport on Thanksgiving weekend of 2010, she was told by one DHS agent — after she asserted her privileges as a journalist to refuse to answer questions about the individuals with whom she met on her trip — that he “finds it very suspicious that you’re not willing to help your country by answering our questions.” They sometimes keep her detained for three to four hours (all while telling her that she will be released more quickly if she answers all their questions and consents to full searches).

Poitras is now forced to take extreme steps — ones that hamper her ability to do her work — to ensure that she can engage in her journalism and produce her films without the U.S. Government intruding into everything she is doing. She now avoids traveling with any electronic devices. She uses alternative methods to deliver the most sensitive parts of her work — raw film and interview notes — to secure locations. She spends substantial time and resources protecting her computers with encryption and password defenses. Especially when she is in the U.S., she avoids talking on the phone about her work, particularly to sources. And she simply will not edit her films at her home out of fear — obviously well-grounded — that government agents will attempt to search and seize the raw footage.

(Read More)